5.22.0 macOS binaries will not execute because the signing certificate is out of sync with the provisioning profile. 5.22.1 replaces it.
What's Changed
Features
- Make escapeNonPrintableBytes UTF-8 aware by @nulmete in #8777
- Note: This changes some query results that formerly were rendered as raw unicode bytes and will now be rendered as the corresponding characters.
- Update virtual sql functions to support multiple constraints by @brian-mckinney in #8746
- This allows SELECT * FROM vscode_extensions WHERE uid in (SELECT uid FROM users WHERE include_remote = 1) and similar queries that join or subquery to the users table to include results for remote users.
- Add support for retries in carver by @zwass in #8740
- Preserve file metadata in carver archives by @zwass in #8752
- Add machine-wide provisioned MSIX packages to programs table (#8001) by @getvictor in #8772
Build & Dependencies
- Update osquery-toolchain to 1.2.0 (LLVM 11.0.0, zlib 1.2.13) by @zwass in #8773
- Update Apple provisioning profile for new developer certificates by @zwass in #8780
- build: suppress enum-constexpr-conversion error for boost mpl on macos by @sharvilshah in #8742
- lib: Update openssl to 3.6.1 by @sharvilshah in #8766
Fixes
- Quit carving when sending a block fails by @zwass in #8733
- Fix SMBIOS CPU count by @agiacomolli in #8737
- Fix systemd unit: use .target instead of .service by @ideologysec in #8771
- Fix typo in winbaseobj.table description by @SquidCooki2 in #8768
- Fix JSON handling copy vs. ref semantics by @zwass in #8738
- Fix memory leak in logon_sessions by @directionless in #8779
New Contributors
- @ideologysec made their first contribution in #8771
- @SquidCooki2 made their first contribution in #8768
- @nulmete made their first contribution in #8777
- @brian-mckinney made their first contribution in #8746
Full Changelog: 5.21.0...5.22.1
